Insights Header image
Insights Header image
Insights Header image

Happy Data Privacy Week, Canada! 1st Edition

Jan 22, 2024 Publications 2 minute read

Data Privacy Day commemorates the signing of Convention 108 on Jan. 28, 1981, which was the first legally binding international treaty dealing with privacy and data protection. Since that time, privacy has grown in importance in Canada and around the world, and many countries now celebrate a full Data Privacy Week.

This year, the Office of the Privacy Commissioner of Canada has announced that Data Privacy Week will take place from January 22 to 26, and it has declared that the 2024 theme is “Take control of your data”.

Taking control of your data can have multiple meanings. For individuals this can mean taking a more proactive approach to learning about how organizations use their data and exercising choices available to them. However, many organizations also struggle with managing their data. Here are some tips that can help:

McMillan’s Top 5 Tips for Organizations to Take Control of their Data

  1. Data Mapping. In order to take control of data, organizations must first understand what data they process. This requires an examination of the types of data collected, how data is collected (and from where), locations where data is stored, with whom data is shared, how long data is kept, and how data is destroyed.
  2. Assign Roles & Responsibilities. Often data is mismanaged because stakeholders within the organization mistakenly assume that someone else will make sure that appropriate controls are in place and will be followed. Clearly assigning roles and responsibilities to specific individuals within the organization can help to ensure that policies and procedures for handling data are actually implemented, in practice.
  3. Establish a Compliance Structure. It is not uncommon to see massive disparities between how different departments, offices or divisions manage data, especially within large and complex organizations. Establishing a formal privacy and data protection compliance program enhances consistency in processes and helps to ensure that all relevant personnel understand how they should be handling data.
  4. Leverage Technological Solutions. People are critically important to organizations, but they can also be the weakest link in privacy and data security. Often technological solutions can be implemented to reduce human error and increase consistency in how data is handled. For example, a number of vendors offer solutions for access control, data subject rights requests, and automated data deletion. Although these tools can help organizations take control of their data, it is important to ensure that they are designed for compliance with Canadian requirements (not just US and EU laws).
  5. Implement Data Minimization. One reason that data sometimes gets out of control is that organizations accumulate a massive amount of data, much of which is unnecessary, outdated, and/or decentralized. Accumulating vast quantities of data gives rise to a number of privacy and data protection risks, including increased potential for misuse and enhanced costs and risks in the event of a breach. Proactively minimizing the data that your organization collects, and purging old data that is no longer useful, helps stop data from getting out of control. It also reduces data storage costs and facilitates legal compliance!

McMillan’s Privacy and Data Protection Team provides organizations with practical guidance to help our clients manage their data and navigate the complex framework of legal and regulatory requirements across Canada. Celebrate Data Privacy Week by reaching out to your McMillan advisor and to start the process of taking control of your data!

Insights (5 Posts)View More

Featured Insight

Canada’s Updated Ineligibility and Suspension Policy for Federal Procurement Reveals Stricter Eligibility Requirements and More Flexible Enforcement Regime

Government of Canada has updated its eligibility requirements for suppliers involved procurement processes, creating more stringent but also flexible rules.

Read More
Jul 19, 2024
Featured Insight

Reviving Data Breach Class Actions: BC Court of Appeal Breathes New Life into Canadian Privacy and Cybersecurity Litigation

BCCA decisions revive support for Canadian data breach class actions after the viability of such proceedings was stifled by a trio of decisions from the ONCA.

Read More
Jul 18, 2024
Featured Insight

Understanding Quebec’s New Complaint Handling Regulation in the Financial Sector

This bulletin summarizes Quebec's new Regulation on complaint handling in the financial sector effective July 1, 2025.

Read More
Jul 17, 2024
Featured Insight

Energy Insight – Making Dollars and Sense of Carbon Markets – Part 2: Carbon Pricing

We examine the economic and policy challenges associated with carbon pricing systems.

Read More
Jul 10, 2024
Featured Insight

Purchaser in the Driver’s Seat: Ontario Court of Appeal Enforces Commercial Non-Compete

A recent Ontario Court of Appeal decision affirms that non-competes within a sale of business context are presumed enforceable.

Read More
Jul 9, 2024